6:11 a.m.
Hi all,
Is this something we want to sign up to?
https://continuousassurance.org/
After a quick browse around their website, they seem to offer a platform
that runs static analysis tools. We can run them ourselves (and have
done so not so long ago), but it is nice to have a website do it for all
of us. (unfortunately, not many of us compile with clang; I gave up the
fight on Windows a while back, and will have to try again later)
cheers,
Johan
7:07 a.m.
On Tue, 2014-07-29 at 23:11 +0200, Johan Engelen wrote:
After a quick browse around their website, they seem to offer a
platform
that runs static analysis tools. We can run them ourselves (and have
done so not so long ago), but it is nice to have a website do it for
all of us. (unfortunately, not many of us compile with clang; I gave
up the fight on Windows a while back, and will have to try again
later)
I was with the LibreOffice team at their recent Hackfest. They use clang
for their C++ codebase, and were running speed testing. And I wondered
how much overlap there might be, how much we could learn from each
other.
Does anyone maintain a connection with LibreOffice development?
Martin,
5:40 p.m.
I can ping someone. What do you want to know, exactly?
Alex
30 июля 2014 г. 2:07 пользователь "Martin Owens" <doctormo@...39...3...>
написал:
On Tue, 2014-07-29 at 23:11 +0200, Johan Engelen wrote:
> After a quick browse around their website, they seem to offer a
> platform
> that runs static analysis tools. We can run them ourselves (and have
> done so not so long ago), but it is nice to have a website do it for
> all of us. (unfortunately, not many of us compile with clang; I gave
> up the fight on Windows a while back, and will have to try again
> later)
I was with the LibreOffice team at their recent Hackfest. They use clang
for their C++ codebase, and were running speed testing. And I wondered
how much overlap there might be, how much we could learn from each
other.
Does anyone maintain a connection with LibreOffice development?
Martin,
------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls.
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg...
_______________________________________________
Inkscape-board mailing list
Inkscape-board(a)lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/inkscape-board
4:41 p.m.
On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote:
Hi all,
Is this something we want to sign up to?
https://continuousassurance.org/
After a quick browse around their website, they seem to offer a platform
that runs static analysis tools. We can run them ourselves (and have
done so not so long ago), but it is nice to have a website do it for all
of us. (unfortunately, not many of us compile with clang; I gave up the
fight on Windows a while back, and will have to try again later)
Perhaps you could drop them a line and see if they have special offers
for open source / non-profit projects like us? Coverity has done this
for various projects.
In any case, before forming an opinion on this I'd want to know the
ballpark cost, and what the results/output looks like.
From past experience I know that the trick with static analysis tools
is
less in the actual running of them, and more in following up on getting
the discovered issues resolved, so another question would be if we have
volunteers interested in working on those issues.
I also suspect that 90% of the benefit will be gained from the first
run, since it'll flag a ton of issues. Once we've addressed all those,
the amount of new issues that crop up over time should be much smaller.
So if it ends up being very expensive, we could consider signing up for
the minimum amount of time just to get the raw list of issues.
Bryce
4:49 p.m.
On Wed, 2014-07-30 at 00:41 -0700, Bryce Harrington wrote:
On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote:
> Hi all,
> Is this something we want to sign up to?
> https://continuousassurance.org/
>
> After a quick browse around their website, they seem to offer a platform
> that runs static analysis tools. We can run them ourselves (and have
> done so not so long ago), but it is nice to have a website do it for all
> of us. (unfortunately, not many of us compile with clang; I gave up the
> fight on Windows a while back, and will have to try again later)
Perhaps you could drop them a line and see if they have special offers
for open source / non-profit projects like us? Coverity has done this
for various projects.
In any case, before forming an opinion on this I'd want to know the
ballpark cost, and what the results/output looks like.
I just looked, it's free.
>From past experience I know that the trick with static analysis
tools is
less in the actual running of them, and more in following up on getting
the discovered issues resolved, so another question would be if we have
volunteers interested in working on those issues.
I think this looks quite interesting. I would help out.
I also suspect that 90% of the benefit will be gained from the first
run, since it'll flag a ton of issues. Once we've addressed all those,
the amount of new issues that crop up over time should be much smaller.
So if it ends up being very expensive, we could consider signing up for
the minimum amount of time just to get the raw list of issues.
Tav
9:44 a.m.
On Wed, Jul 30, 2014 at 10:14:34AM +0000, J.B.C. Engelen (Johan) wrote:
Op 30-07-2014 om 09:49, schreef Tavmjong Bah
<tavmjong@...47...>:
On Wed, 2014-07-30 at 00:41 -0700, Bryce Harrington wrote:
On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote:
Hi all,
Is this something we want to sign up to?
https://continuousassurance.org/
After a quick browse around their website, they seem to offer a
platform
that runs static analysis tools. We can run them ourselves (and
have
done so not so long ago), but it is nice to have a website do it
for all
of us. (unfortunately, not many of us compile with clang; I gave up
the
fight on Windows a while back, and will have to try again later)
Perhaps you could drop them a line and see if they have special offers
for open source / non-profit projects like us? Coverity has done this
for various projects.
In any case, before forming an opinion on this I'd want to know the
ballpark cost, and what the results/output looks like.
I just looked, it's free.
Yes, sorry forgot to mention. This is why I suggested it.
Ah, excellent. Well, if no money expenditures are needed, then it
sounds like a regular development activity, so no board decision needs
to be made. Personally I think static analysis tools are great and
should be used. You might float your proposal on inkscape-devel@ to get
wider buy in though.
I pretty strongly believe we should move towards heavy use of these
tools, and
requiring clean builds from any branch work etc. before it is merged. We've had
many bugs that would have been easily resolved by these tools. Last time I ran
clang I got a ton of potential bugs with very few false positives. The list
included links to source and traces through source, some with 40+ decision
steps along the way.
I've signed myself up and will sign Inkscape up as a project. Let's see how it
works out.
Sounds good. Let's continue discussion about it on inkscape-devel@...89...
Meanwhile, if you have access to clang: have a look. GCC has improved
a lot too
(perhaps because of clang). clang's scanbuild is amazing. clang's
address-sanatizer is *amazing* (from what I've seen in talks), but I have not
tested it myself.
Perhaps an item for the roadmap would be to set up a consistent set of
static (and non-static) testing tools (perhaps invokable from make),
which could be run from a centralized location. (Again
though... another topic for inkscape-devel@ discussion.)
Thanks,
Bryce
6:11 a.m.
Very briefly on current status: I have an open ticket about problems
building Inkscape (dependencies it seems).
-Johan
On 7-8-2014 2:44, Bryce Harrington wrote:
On Wed, Jul 30, 2014 at 10:14:34AM +0000, J.B.C. Engelen (Johan)
wrote:
> Op 30-07-2014 om 09:49, schreef Tavmjong Bah <tavmjong@...47...>:
>
> On Wed, 2014-07-30 at 00:41 -0700, Bryce Harrington wrote:
>
> On Tue, Jul 29, 2014 at 11:11:13PM +0200, Johan Engelen wrote:
>
> Hi all,
> Is this something we want to sign up to?
> https://continuousassurance.org/
>
> After a quick browse around their website, they seem to offer a
> platform
> that runs static analysis tools. We can run them ourselves (and
> have
> done so not so long ago), but it is nice to have a website do it
> for all
> of us. (unfortunately, not many of us compile with clang; I gave up
> the
> fight on Windows a while back, and will have to try again later)
>
>
> Perhaps you could drop them a line and see if they have special offers
> for open source / non-profit projects like us? Coverity has done this
> for various projects.
>
> In any case, before forming an opinion on this I'd want to know the
> ballpark cost, and what the results/output looks like.
>
>
> I just looked, it's free.
>
>
> Yes, sorry forgot to mention. This is why I suggested it.
Ah, excellent. Well, if no money expenditures are needed, then it
sounds like a regular development activity, so no board decision needs
to be made. Personally I think static analysis tools are great and
should be used. You might float your proposal on inkscape-devel@ to get
wider buy in though.
> I pretty strongly believe we should move towards heavy use of these tools, and
> requiring clean builds from any branch work etc. before it is merged. We've had
> many bugs that would have been easily resolved by these tools. Last time I ran
> clang I got a ton of potential bugs with very few false positives. The list
> included links to source and traces through source, some with 40+ decision
> steps along the way.
>
> I've signed myself up and will sign Inkscape up as a project. Let's see how
it
> works out.
Sounds good. Let's continue discussion about it on inkscape-devel@...89...
> Meanwhile, if you have access to clang: have a look. GCC has improved a lot too
> (perhaps because of clang). clang's scanbuild is amazing. clang's
> address-sanatizer is *amazing* (from what I've seen in talks), but I have not
> tested it myself.
Perhaps an item for the roadmap would be to set up a consistent set of
static (and non-static) testing tools (perhaps invokable from make),
which could be run from a centralized location. (Again
though... another topic for inkscape-devel@ discussion.)
Thanks,
Bryce
3216
days inactive
3225
days old
inkscape-board@lists.inkscape.org
8 comments
7 participants
participants (7)
-
Alexandre Prokoudine -
Bryce Harrington -
J.B.C. Engelen (Johan) -
Johan Engelen -
Josh Andler -
Martin Owens -
Tavmjong Bah